1.\" Copyright (c) 1983, 1986, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 29.\" $FreeBSD$ 30.\" 31.Dd November 28, 2017 32.Dt SYSLOGD 8 33.Os 34.Sh NAME 35.Nm syslogd 36.Nd log systems messages 37.Sh SYNOPSIS 38.Nm 39.Op Fl 468ACcdFHkNnosTuv 40.Op Fl a Ar allowed_peer 41.Op Fl b Ar bind_address 42.Op Fl f Ar config_file 43.Op Fl l Oo Ar mode Ns \&: Oc Ns Ar path 44.Op Fl m Ar mark_interval 45.Op Fl P Ar pid_file 46.Op Fl p Ar log_socket 47.Op Fl S Ar logpriv_socket 48.Sh DESCRIPTION 49The 50.Nm 51utility reads and logs messages to the system console, 52log files, 53other 54machines and/or users as specified by its configuration file. 55.Pp 56The options are as follows: 57.Bl -tag -width indent 58.It Fl 4 59Force 60.Nm 61to use IPv4 addresses only. 62.It Fl 6 63Force 64.Nm 65to use IPv6 addresses only. 66.It Fl 8 67Tells 68.Nm 69not to interfere with 8-bit data. 70Normally 71.Nm 72will replace C1 control characters 73.Pq ISO 8859 and Unicode characters 74with their 75.Dq M- Ns Em x 76equivalent. 77Note, this option does not change the way 78.Nm 79alters control characters 80.Pq see Xr iscntrl 3 . 81They will always be replaced with their 82.Dq ^ Ns Em x 83equivalent. 84.It Fl A 85Ordinarily, 86.Nm 87tries to send the message to only one address 88even if the host has more than one A or AAAA record. 89If this option is specified, 90.Nm 91tries to send the message to all addresses. 92.It Fl a Ar allowed_peer 93Allow 94.Ar allowed_peer 95to log to this 96.Nm 97using UDP datagrams. 98Multiple 99.Fl a 100options may be specified. 101.Pp 102The 103.Ar allowed_peer 104option may be any of the following: 105.Bl -tag -width "ipaddr[/prefixlen][:service]XX" 106.It Xo 107.Sm off 108.Ar ipaddr 109.Op / Ar masklen 110.Op \&: Ar service 111.Pp 112.Ar ipaddr 113.Op / Ar prefixlen 114.Op \&: Ar service 115.Sm on 116.Xc 117Accept datagrams from 118.Ar ipaddr , 119.Ar ipaddr 120can be specified as an IPv4 address or as an IPv6 121address enclosed with 122.Ql \&[ 123and 124.Ql \&] . 125If specified, 126.Ar service 127is the name or number of an UDP service (see 128.Xr services 5 ) 129the source packet must belong to. 130A 131.Ar service 132of 133.Ql \&* 134accepts UDP packets from any source port. 135The default 136.Ar service 137is 138.Ql syslog . 139If 140.Ar ipaddr 141is IPv4 address, a missing 142.Ar masklen 143will be substituted by the historic class A or class B netmasks if 144.Ar ipaddr 145belongs into the address range of class A or B, 146respectively, 147or by 24 otherwise. 148If 149.Ar ipaddr 150is IPv6 address, 151a missing 152.Ar masklen 153will be substituted by 128. 154.It Xo 155.Sm off 156.Ar domainname Op \&: Ar service 157.Sm on 158.Xc 159Accept datagrams where the reverse address lookup yields 160.Ar domainname 161for the sender address. 162The meaning of 163.Ar service 164is as explained above. 165.Ar domainname 166can contain special characters of a shell-style pattern such as 167.Ql Li \&* . 168.El 169.Pp 170The 171.Fl a 172options are ignored if the 173.Fl s 174option is also specified. 175.It Xo 176.Fl b 177.Sm off 178.Ar bind_address Op \&: Ar service 179.Sm on 180.Xc 181.It Xo 182.Fl b 183.Sm off 184.Li \&: Ar service 185.Sm on 186.Xc 187Bind to a specific address and/or port. 188The address can be specified as a hostname, 189and the port as a service name. 190If an IPv6 address is specified, it should be enclosed with 191.Ql \&[ 192and 193.Ql \&] . 194The default 195.Ar service 196is 197.Ql syslog . 198This option can be specified multiple times to bind to 199multiple addresses and/or ports. 200.It Fl C 201Create log files that do not exist 202.Pq permission is set to Ql Li 0600 . 203.It Fl c 204Disable the compression of repeated instances of the same line 205into a single line of the form 206.Dq Li "last message repeated N times" 207when the output is a pipe to another program. 208If specified twice, 209disable this compression in all cases. 210.It Fl d 211Put 212.Nm 213into debugging mode. 214This is probably only of use to developers working on 215.Nm . 216.It Fl f Ar config_file 217Specify the pathname of an alternate configuration file; 218the default is 219.Pa /etc/syslog.conf . 220.It Fl F 221Run 222.Nm 223in the foreground, 224rather than going into daemon mode. 225This is useful if some other process uses 226.Xr fork 2 227and 228.Xr exec 3 229to run 230.Nm , 231and wants to monitor when and how it exits. 232.It Fl H 233When logging remote messages use hostname from the message (if supplied) 234instead of using address from which the message was received. 235.It Fl k 236Disable the translation of 237messages received with facility 238.Dq kern 239to facility 240.Dq user . 241Usually the 242.Dq kern 243facility is reserved for messages read directly from 244.Pa /dev/klog . 245.It Fl m Ar mark_interval 246Select the number of minutes between 247.Dq mark 248messages; 249the default is 20 minutes. 250.It Fl N 251Disable binding on UDP sockets. 252RFC 3164 recommends that outgoing 253.Nm 254messages should originate from the privileged port, 255this option 256.Em disables 257the recommended behavior. 258This option inherits 259.Fl s . 260.It Fl n 261Disable DNS query for every request. 262.It Fl o 263Prefix kernel messages with the full kernel boot file as determined by 264.Xr getbootfile 3 . 265Without this, the kernel message prefix is always 266.Dq Li kernel: . 267.It Fl p Ar log_socket 268Specify the pathname of an alternate log socket to be used instead; 269the default is 270.Pa /var/run/log . 271When a single 272.Fl p 273option is specified, 274the default pathname is replaced with the specified one. 275When two or more 276.Fl p 277options are specified, 278the remaining pathnames are treated as additional log sockets. 279.It Fl P Ar pid_file 280Specify an alternative file in which to store the process ID. 281The default is 282.Pa /var/run/syslog.pid . 283.It Fl S Ar logpriv_socket 284Specify the pathname of an alternate log socket for privileged 285applications to be used instead; 286the default is 287.Pa /var/run/logpriv . 288When a single 289.Fl S 290option is specified, 291the default pathname is replaced with the specified one. 292When two or more 293.Fl S 294options are specified, 295the remaining pathnames are treated as additional log sockets. 296.It Fl l Oo Ar mode Ns \&: Oc Ns Ar path 297Specify a location where 298.Nm 299should place an additional log socket. 300The primary use for this is to place additional log sockets in 301.Pa /var/run/log 302of various chroot filespaces. 303File permissions for socket can be specified in octal representation in 304.Ar mode , 305delimited with a colon. 306The socket location must be specified as an absolute pathname in 307.Ar path . 308.It Fl s 309Operate in secure mode. 310Do not log messages from remote machines. 311If specified twice, 312no network socket will be opened at all, 313which also disables logging to remote machines. 314.It Fl T 315Always use the local time and date for messages received from the network, 316instead of the timestamp field supplied in the message by the remote host. 317This is useful if some of the originating hosts cannot keep time properly 318or are unable to generate a correct timestamp. 319.It Fl u 320Unique priority logging. 321Only log messages at the specified priority. 322Without this option, 323messages at the stated priority or higher are logged. 324This option changes the default comparison from 325.Dq => 326to 327.Dq = . 328.It Fl v 329Verbose logging. 330If specified once, 331the numeric facility and priority are 332logged with each locally-written message. 333If specified more than once, 334the names of the facility and priority are logged with each locally-written 335message. 336.El 337.Pp 338The 339.Nm 340utility reads its configuration file when it starts up and whenever it 341receives a hangup signal. 342For information on the format of the configuration file, 343see 344.Xr syslog.conf 5 . 345.Pp 346The 347.Nm 348utility reads messages from the 349.Ux 350domain sockets 351.Pa /var/run/log 352and 353.Pa /var/run/logpriv , 354from an Internet domain socket specified in 355.Pa /etc/services , 356and from the special device 357.Pa /dev/klog 358.Pq to read kernel messages . 359.Pp 360The 361.Nm 362utility creates its process ID file, 363by default 364.Pa /var/run/syslog.pid , 365and stores its process 366ID there. 367This can be used to kill or reconfigure 368.Nm . 369.Pp 370The message sent to 371.Nm 372should consist of a single line. 373The message can contain a priority code, 374which should be a preceding 375decimal number in angle braces, 376for example, 377.Sq Aq 5 . 378This priority code should map into the priorities defined in the 379include file 380.In sys/syslog.h . 381.Pp 382For security reasons, 383.Nm 384will not append to log files that do not exist 385.Po unless Fl C 386option is specified 387.Pc ; 388therefore, they must be created manually before running 389.Nm . 390.Pp 391The date and time are taken from the received message. 392If the format of the timestamp field is incorrect, 393time obtained from the local host is used instead. 394This can be overridden by the 395.Fl T 396flag. 397.Sh FILES 398.Bl -tag -width /var/run/syslog.pid -compact 399.It Pa /etc/syslog.conf 400configuration file 401.It Pa /var/run/syslog.pid 402default process ID file 403.It Pa /var/run/log 404name of the 405.Ux 406domain datagram log socket 407.It Pa /var/run/logpriv 408.Ux 409socket for privileged applications 410.It Pa /dev/klog 411kernel log device 412.El 413.Sh SEE ALSO 414.Xr logger 1 , 415.Xr syslog 3 , 416.Xr services 5 , 417.Xr syslog.conf 5 , 418.Xr newsyslog 8 419.Sh HISTORY 420The 421.Nm 422utility appeared in 423.Bx 4.3 . 424.Pp 425The 426.Fl a , 427.Fl s , 428.Fl u , 429and 430.Fl v 431options are 432.Fx 2.2 433extensions. 434.Sh BUGS 435The ability to log messages received in UDP packets is equivalent to 436an unauthenticated remote disk-filling service, 437and should probably be disabled by default. 438Some sort of 439.No inter- Ns Nm syslogd 440authentication mechanism ought to be worked out. 441To prevent the worst abuse, 442use of the 443.Fl a 444option is therefore highly recommended. 445.Pp 446The 447.Fl a 448matching algorithm does not pretend to be very efficient; 449use of numeric IP addresses is faster than domain name comparison. 450Since the allowed peer list is being walked linearly, 451peer groups where frequent messages are being anticipated 452from should be put early into the 453.Fl a 454list. 455.Pp 456The log socket was moved from 457.Pa /dev 458to ease the use of a read-only root file system. 459This may confuse 460some old binaries so that a symbolic link might be used for a 461transitional period. 462